Research And Implementation Of Access Control Semantic Compatibility Conflict Analysis Technology

The behaviors of network device depend on the sentences of safe configuration. The configuration sentences express the access control intention named access control semantic. If the access control semantics of two sentences are contrary with each other, and those two sentences belong to a device, then semantic compatibility conflict occur. And safe problem would happen because of semantic conflict. So an improperly configured infrastructure may unintentionally hinder the normal operation of application. network access control conflict would lead to the loss of control, and then result in leaking sensitive information, permiting malicious accesses, denying legal accesses or hinderning the running of business. There are so many different kinds of devices which have different configuration lexicals and syntax, so that administrators can not find out or locate the conflict from the configuration.For solving that problem, This paper analyses the access control configuration based on semantic, and using ontology to respresent the semantic of access control. Then using semantic web rule language to analyse the configuration and figure out the location and reason of conflict. The main contributions can be summarized as follow:Firstly,we reviewe the current research about access control analysis including access control, conflict and ontology. Conbined with project background, indicate the shortage of current access control conflict analysis methods. And using ontology to represent the semantic of access control, and analysing the conflict based ontology contrain with SWRL.Secondly, we present the hierarchic access control semantic model according to computer network,TCP/IP protocol suite and access control technology. And give the representation of access control based ontology.Thirdly, an algorithm of access control semantic generation and conflict analysis is given refer to semantic extracting technology, ontology technology and swrl technology.At last, we design and develop a configuration conflict analysis system. In addition, some experiments are conducted, and the result show the feasibility and validity of the system.